rhsa-2021:3658
Vulnerability from csaf_redhat
Published
2021-09-23 16:26
Modified
2025-03-19 15:05
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.1 security update on RHEL 8
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)
* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)
* undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597)
* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)
* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
* netty: Request smuggling via content-length header (CVE-2021-21409)
* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)
* apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)
* wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)
* wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)\n\n* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)\n\n* undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597)\n\n* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)\n\n* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170)\n\n* apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)\n\n* wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)\n\n* wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2021:3658", url: "https://access.redhat.com/errata/RHSA-2021:3658", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { category: "external", summary: "1937364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937364", }, { category: "external", summary: "1937440", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937440", }, { category: "external", summary: "1944888", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1944888", }, { category: "external", summary: "1948001", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1948001", }, { category: "external", summary: "1948752", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1948752", }, { category: "external", summary: "1965497", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1965497", }, { category: "external", summary: "1970930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1970930", }, { category: "external", summary: "1976052", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1976052", }, { category: "external", summary: "1981407", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1981407", }, { category: "external", summary: "1991299", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991299", }, { category: "external", summary: "JBEAP-18402", url: "https://issues.redhat.com/browse/JBEAP-18402", }, { category: "external", summary: "JBEAP-21231", url: "https://issues.redhat.com/browse/JBEAP-21231", }, { category: "external", summary: "JBEAP-21257", url: "https://issues.redhat.com/browse/JBEAP-21257", }, { category: "external", summary: "JBEAP-21258", url: "https://issues.redhat.com/browse/JBEAP-21258", }, { category: "external", summary: "JBEAP-21261", url: "https://issues.redhat.com/browse/JBEAP-21261", }, { category: "external", summary: "JBEAP-21263", url: "https://issues.redhat.com/browse/JBEAP-21263", }, { category: "external", summary: "JBEAP-21270", url: "https://issues.redhat.com/browse/JBEAP-21270", }, { category: "external", summary: "JBEAP-21276", url: "https://issues.redhat.com/browse/JBEAP-21276", }, { category: "external", summary: "JBEAP-21277", url: "https://issues.redhat.com/browse/JBEAP-21277", }, { category: "external", summary: "JBEAP-21281", url: "https://issues.redhat.com/browse/JBEAP-21281", }, { category: "external", summary: "JBEAP-21300", url: "https://issues.redhat.com/browse/JBEAP-21300", }, { category: "external", summary: "JBEAP-21309", url: "https://issues.redhat.com/browse/JBEAP-21309", }, { category: "external", summary: "JBEAP-21313", url: "https://issues.redhat.com/browse/JBEAP-21313", }, { category: "external", summary: "JBEAP-21472", url: "https://issues.redhat.com/browse/JBEAP-21472", }, { category: "external", summary: "JBEAP-21569", url: "https://issues.redhat.com/browse/JBEAP-21569", }, { category: "external", summary: "JBEAP-21777", url: "https://issues.redhat.com/browse/JBEAP-21777", }, { category: "external", summary: "JBEAP-21781", url: "https://issues.redhat.com/browse/JBEAP-21781", }, { category: "external", summary: "JBEAP-21818", url: "https://issues.redhat.com/browse/JBEAP-21818", }, { category: "external", summary: "JBEAP-21961", url: "https://issues.redhat.com/browse/JBEAP-21961", }, { category: "external", summary: "JBEAP-21978", url: "https://issues.redhat.com/browse/JBEAP-21978", }, { category: "external", summary: "JBEAP-22009", url: "https://issues.redhat.com/browse/JBEAP-22009", }, { category: "external", summary: "JBEAP-22084", url: "https://issues.redhat.com/browse/JBEAP-22084", }, { category: "external", summary: "JBEAP-22088", url: "https://issues.redhat.com/browse/JBEAP-22088", }, { category: "external", summary: "JBEAP-22160", url: "https://issues.redhat.com/browse/JBEAP-22160", }, { category: "external", summary: "JBEAP-22209", url: "https://issues.redhat.com/browse/JBEAP-22209", }, { category: "external", summary: "JBEAP-22318", url: "https://issues.redhat.com/browse/JBEAP-22318", }, { category: "external", summary: "JBEAP-22319", url: "https://issues.redhat.com/browse/JBEAP-22319", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3658.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.1 security update on RHEL 8", tracking: { current_release_date: "2025-03-19T15:05:33+00:00", generator: { date: "2025-03-19T15:05:33+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2021:3658", initial_release_date: "2021-09-23T16:26:18+00:00", revision_history: [ { date: "2021-09-23T16:26:18+00:00", number: "1", summary: "Initial version", }, { date: "2021-09-23T16:26:18+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T15:05:33+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss EAP 7.4 for RHEL 8", product: { name: "Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", product: { name: "eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", product_id: "eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-yasson@1.0.9-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", product: { name: "eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", product_id: "eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-velocity@2.3.0-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", product: { name: "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", product_id: "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketbox@5.0.3-9.Final_redhat_00008.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", product: { name: "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", product_id: "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-2.redhat_00006.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", product: { name: "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", product_id: "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-commons-io@2.10.0-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", product: { name: "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", product_id: "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-artemis-wildfly-integration@1.0.4-1.redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-elytron-web@1.9.1-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.21-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.16-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.23-2.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.4.35-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.7-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.5-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan@11.0.12-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00013.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.8-1.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", product: { name: "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", product_id: "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.14-2.Final_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", product: { name: "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", product_id: "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.9-2.SP1_redhat_00001.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", product: { name: "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", product_id: "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-8.Final_redhat_00009.1.el8eap?arch=src", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", product: { name: "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", product_id: "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.1-2.GA_redhat_00003.1.el8eap?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-yasson@1.0.9-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-velocity@2.3.0-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-velocity-engine-core@2.3.0-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", product: { name: "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", product_id: "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketbox@5.0.3-9.Final_redhat_00008.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", product: { name: "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", product_id: "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-picketbox-infinispan@5.0.3-9.Final_redhat_00008.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-netty-all@4.1.63-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet@1.3.9-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", product: { name: "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", product_id: "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jakarta-el@3.0.3-2.redhat_00006.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-apache-commons-io@2.10.0-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", product: { name: "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", product_id: "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-artemis-wildfly-integration@1.0.4-1.redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow-server@1.9.1-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate@5.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-core@5.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-envers@5.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hibernate-java8@5.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jgroups-kubernetes@1.0.16-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-remoting@5.0.23-2.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar@1.4.35-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.35-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.35-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.35-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.35-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.35-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.35-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.35-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.35-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-hal-console@3.3.7-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.5-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.5-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan@11.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-commons@11.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-core@11.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.12-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", product: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", product_id: "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-xalan-j2@2.7.1-36.redhat_00013.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.8-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.8-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.8-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.8-1.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", product: { name: "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", product_id: "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.14-2.Final_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", product: { name: "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", product_id: "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-undertow@2.2.9-2.SP1_redhat_00001.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-8.Final_redhat_00009.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-8.Final_redhat_00009.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", product: { name: "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", product_id: "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-8.Final_redhat_00009.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly@7.4.1-2.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.1-2.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, { category: "product_version", name: "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", product: { name: "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", product_id: "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/eap7-wildfly-modules@7.4.1-2.GA_redhat_00003.1.el8eap?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", }, product_reference: "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", }, product_reference: "eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", }, product_reference: "eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", }, product_reference: "eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", }, product_reference: "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", }, product_reference: "eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", }, product_reference: "eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", }, product_reference: "eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", }, product_reference: "eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", }, product_reference: "eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", }, product_reference: "eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", }, product_reference: "eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", }, product_reference: "eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", relates_to_product_reference: "8Base-JBEAP-7.4", }, { category: "default_component_of", full_product_name: { name: "eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", product_id: "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", }, product_reference: "eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", relates_to_product_reference: "8Base-JBEAP-7.4", }, ], }, vulnerabilities: [ { cve: "CVE-2020-13936", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2021-03-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1937440", }, ], notes: [ { category: "description", text: "A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", title: "Vulnerability description", }, { category: "summary", text: "velocity: arbitrary code execution when attacker is able to modify templates", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform (OCP) openshift-logging/elasticsearch6-rhel8 container does contain a vulnerable version of velocity. The references to the library only occur in the x-pack component which is an enterprise-only feature of Elasticsearch - hence it has been marked as wontfix as this time and may be fixed in a future release. Additionally the hive container only references velocity in the testutils of the code but the code still exists in the container, as such it has been given a Moderate impact.\n\n* Velocity as shipped with Red Hat Enterprise Linux 6 is not affected because it does not contain the vulnerable code.\n\n* Velocity as shipped with Red Hat Enterprise Linux 7 contains a vulnerable version, but it is used as a dependency for IdM/ipa, which does not use the vulnerable functionality. It has been marked as Moderate for this reason.\n\n* Although velocity shipped in Red Hat Enterprise Linux 8's pki-deps:10.6 for IdM/ipa is a vulnerable version, the vulnerable code is not used by pki. It has been marked as Low for this reason.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-13936", }, { category: "external", summary: "RHBZ#1937440", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937440", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-13936", url: "https://www.cve.org/CVERecord?id=CVE-2020-13936", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-13936", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-13936", }, ], release_date: "2021-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-09-23T16:26:18+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:3658", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "velocity: arbitrary code execution when attacker is able to modify templates", }, { acknowledgments: [ { names: [ "Damian Bury", ], }, ], cve: "CVE-2021-3536", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2021-02-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1948001", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: XSS via admin console when creating roles in domain mode", title: "Vulnerability summary", }, { category: "other", text: "This flaw does not affect Red Hat CodeReady Studio 12 because it uses the Wildfly client only. The domain mode is not used.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-3536", }, { category: "external", summary: "RHBZ#1948001", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1948001", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-3536", url: "https://www.cve.org/CVERecord?id=CVE-2021-3536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-3536", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-3536", }, ], release_date: "2021-04-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-09-23T16:26:18+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:3658", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "wildfly: XSS via admin console when creating roles in domain mode", }, { cve: "CVE-2021-3597", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, discovery_date: "2021-02-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1970930", }, ], notes: [ { category: "description", text: "A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability.", title: "Vulnerability description", }, { category: "summary", text: "undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-3597", }, { category: "external", summary: "RHBZ#1970930", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1970930", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-3597", url: "https://www.cve.org/CVERecord?id=CVE-2021-3597", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-3597", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-3597", }, ], release_date: "2021-06-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-09-23T16:26:18+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:3658", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS", }, { cve: "CVE-2021-3642", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, discovery_date: "2021-06-30T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1981407", }, ], notes: [ { category: "description", text: "A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-elytron: possible timing attack in ScramServer", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-3642", }, { category: "external", summary: "RHBZ#1981407", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1981407", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-3642", url: "https://www.cve.org/CVERecord?id=CVE-2021-3642", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-3642", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-3642", }, ], release_date: "2021-06-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-09-23T16:26:18+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:3658", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly-elytron: possible timing attack in ScramServer", }, { acknowledgments: [ { names: [ "Darran Lofthouse", ], organization: "Red Hat", summary: "This issue was discovered by Red Hat.", }, ], cve: "CVE-2021-3644", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2021-02-24T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1976052", }, ], notes: [ { category: "description", text: "A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.", title: "Vulnerability description", }, { category: "summary", text: "wildfly-core: Invalid Sensitivity Classification of Vault Expression", title: "Vulnerability summary", }, { category: "other", text: "Red Hat CodeReady Studio 12 is not affected by this flaw as it does not ship the vulnerable component of wildfly.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-3644", }, { category: "external", summary: "RHBZ#1976052", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1976052", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-3644", url: "https://www.cve.org/CVERecord?id=CVE-2021-3644", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-3644", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-3644", }, ], release_date: "2021-07-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-09-23T16:26:18+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:3658", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "wildfly-core: Invalid Sensitivity Classification of Vault Expression", }, { cve: "CVE-2021-3690", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2021-08-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1991299", }, ], notes: [ { category: "description", text: "A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.", title: "Vulnerability description", }, { category: "summary", text: "undertow: buffer leak on incoming websocket PONG message may lead to DoS", title: "Vulnerability summary", }, { category: "other", text: "Although Red Hat OpenStack Platform packages the vulnerable code in Opendaylight, it does not use or support the undertow-encapsulating features. The security impact for RHOSP is therefore rated as Low and no update will be provided at this time.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-3690", }, { category: "external", summary: "RHBZ#1991299", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991299", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-3690", url: "https://www.cve.org/CVERecord?id=CVE-2021-3690", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-3690", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-3690", }, ], release_date: "2021-07-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-09-23T16:26:18+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:3658", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "undertow: buffer leak on incoming websocket PONG message may lead to DoS", }, { cve: "CVE-2021-21295", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-03-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1937364", }, ], notes: [ { category: "description", text: "In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.", title: "Vulnerability description", }, { category: "summary", text: "netty: possible request smuggling in HTTP/2 due missing validation", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-21295", }, { category: "external", summary: "RHBZ#1937364", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937364", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-21295", url: "https://www.cve.org/CVERecord?id=CVE-2021-21295", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-21295", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-21295", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj", url: "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj", }, ], release_date: "2021-03-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-09-23T16:26:18+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:3658", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty: possible request smuggling in HTTP/2 due missing validation", }, { cve: "CVE-2021-21409", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2021-03-30T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1944888", }, ], notes: [ { category: "description", text: "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.", title: "Vulnerability description", }, { category: "summary", text: "netty: Request smuggling via content-length header", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform's OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-21409", }, { category: "external", summary: "RHBZ#1944888", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1944888", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-21409", url: "https://www.cve.org/CVERecord?id=CVE-2021-21409", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-21409", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-21409", }, { category: "external", summary: "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32", url: "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32", }, ], release_date: "2021-03-30T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-09-23T16:26:18+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:3658", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "netty: Request smuggling via content-length header", }, { cve: "CVE-2021-28170", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-05-26T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1965497", }, ], notes: [ { category: "description", text: "In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.", title: "Vulnerability description", }, { category: "summary", text: "jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-28170", }, { category: "external", summary: "RHBZ#1965497", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1965497", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-28170", url: "https://www.cve.org/CVERecord?id=CVE-2021-28170", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-28170", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-28170", }, { category: "external", summary: "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/", url: "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/", }, ], release_date: "2021-04-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-09-23T16:26:18+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:3658", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate", }, { cve: "CVE-2021-29425", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2021-04-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1948752", }, ], notes: [ { category: "description", text: "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.", title: "Vulnerability description", }, { category: "summary", text: "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6", title: "Vulnerability summary", }, { category: "other", text: "While the apache-commons-io package included in Red Hat Enterprise Linux 8 Maven App Stream contains the vulnerable code, it is not used in any way by Maven or other packages in this module. This package is not an API component of Maven, thus the affected code can not be reached in any supported scenario.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", ], known_not_affected: [ "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-29425", }, { category: "external", summary: "RHBZ#1948752", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1948752", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-29425", url: "https://www.cve.org/CVERecord?id=CVE-2021-29425", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-29425", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-29425", }, ], release_date: "2021-04-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-09-23T16:26:18+00:00", details: "Before applying this update, ensure all previously released errata relevant to your system have been applied.\n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:3658", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-apache-commons-io-0:2.10.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-artemis-wildfly-integration-0:1.0.4-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.1-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.7-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.21-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.21-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.4.35-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.4.35-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jakarta-el-0:3.0.3-2.redhat_00006.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.23-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-8.Final_redhat_00009.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-8.Final_redhat_00009.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jgroups-kubernetes-0:1.0.16-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-picketbox-0:5.0.3-9.Final_redhat_00008.1.el8eap.src", "8Base-JBEAP-7.4:eap7-picketbox-infinispan-0:5.0.3-9.Final_redhat_00008.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.9-2.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.1-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-velocity-0:2.3.0-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-velocity-engine-core-0:2.3.0-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.1-2.GA_redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.5-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.5-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.8-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.1-2.GA_redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.14-2.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xalan-j2-0:2.7.1-36.redhat_00013.1.el8eap.src", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-yasson-0:1.0.9-1.redhat_00001.1.el8eap.src", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6", }, ], }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.